diff options
| author |   patrick <patrick@openbsd.org> | 2017-02-15 21:38:09 +0000 |
|---|---|---|
| committer | patrick <patrick@openbsd.org> | 2017-02-15 21:38:09 +0000 |
| commit | 331f190e015fa0feca28f23e21c682cb3057ccf0 (patch) | |
| tree | 9546303b384aa23e9796d31d2d1af42471ef7dd2 | |
| parent | Fix the code supposed to abort when attempting to detach a slot that's (diff) | |
| download | wireguard-openbsd-331f190e015fa0feca28f23e21c682cb3057ccf0.tar.xz wireguard-openbsd-331f190e015fa0feca28f23e21c682cb3057ccf0.zip | |
Implement permission checks in the copy routines. When they were
initially copied from armv7 no parallel instructions to ldrbt and strbt
were found, so a different permission model based on the addressing was
assumed. This was incorrect as the AArch64 provides ldtrb and sttrb to
do load/store operations with userland permissions.
From Dale Rahn.
| -rw-r--r-- | sys/arch/arm64/arm64/copy.S | 8 | ||||
| -rw-r--r-- | sys/arch/arm64/arm64/copystr.S | 47 |
2 files changed, 44 insertions, 11 deletions
diff --git a/sys/arch/arm64/arm64/copy.S b/sys/arch/arm64/arm64/copy.S index 4d00cfc5a00..ebe717f97d1 100644 --- a/sys/arch/arm64/arm64/copy.S +++ b/sys/arch/arm64/arm64/copy.S @@ -1,4 +1,4 @@ -/* $OpenBSD: copy.S,v 1.1 2016/12/17 23:38:33 patrick Exp $ */ +/* $OpenBSD: copy.S,v 1.2 2017/02/15 21:38:09 patrick Exp $ */ /* * Copyright (c) 2015 Dale Rahn <drahn@dalerahn.com> * Copyright (c) 2014 Patrick Wildt <patrick@blueri.se> @@ -45,8 +45,9 @@ ENTRY(copyin) str x5, [x3, #(PCB_ONFAULT)] // set handler // This probably should be optimized -2: ldrb w6, [x0], #1 +2: ldtrb w6, [x0] strb w6, [x1], #1 + add x0, x0, #1 sub x2, x2, #1 cbnz x2, 2b @@ -82,7 +83,8 @@ ENTRY(copyout) // This probably should be optimized 2: ldrb w6, [x0], #1 - strb w6, [x1], #1 + sttrb w6, [x1] + add x1, x1, #1 sub x2, x2, #1 cbnz x2, 2b diff --git a/sys/arch/arm64/arm64/copystr.S b/sys/arch/arm64/arm64/copystr.S index 2be74817ba3..db4e996b661 100644 --- a/sys/arch/arm64/arm64/copystr.S +++ b/sys/arch/arm64/arm64/copystr.S @@ -1,4 +1,4 @@ -/* $OpenBSD: copystr.S,v 1.1 2016/12/17 23:38:33 patrick Exp $ */ +/* $OpenBSD: copystr.S,v 1.2 2017/02/15 21:38:09 patrick Exp $ */ /* * Copyright (c) 2015 Dale Rahn <drahn@dalerahn.com> * Copyright (c) 2014 Patrick Wildt <patrick@blueri.se> @@ -39,8 +39,7 @@ ENTRY(copystr) ldr x6, [x6, #(CI_CURPCB)] ldr x5, [x6, #(PCB_ONFAULT)] adr x7, .Lcopystrfault -// set handler - str x7, [x6, #(PCB_ONFAULT)] + str x7, [x6, #(PCB_ONFAULT)] // set handler mov x8, xzr @@ -50,7 +49,7 @@ ENTRY(copystr) add x8, x8, #1 cbz w4, .Lcopystrsuccess cbnz x2, 1b - + mov x0, #ENAMETOOLONG b .Lcopystrcleanup @@ -77,8 +76,24 @@ ENTRY(copystr) * Copy string from user space to kernel space */ ENTRY(copyinstr) -// XXX verify that x0 is user and x1 is kernel - b copystr + mrs x6, tpidr_el1 // load curcpu + ldr x6, [x6, #(CI_CURPCB)] + ldr x5, [x6, #(PCB_ONFAULT)] + adr x7, .Lcopystrfault + str x7, [x6, #(PCB_ONFAULT)] // set handler + + mov x8, xzr + +1: ldtrb w4, [x0] + strb w4, [x1], #1 + add x0, x0, #1 + sub x2, x2, #1 + add x8, x8, #1 + cbz w4, .Lcopystrsuccess + cbnz x2, 1b + + mov x0, #ENAMETOOLONG + b .Lcopystrcleanup /* * x0 - kernel space address @@ -89,5 +104,21 @@ ENTRY(copyinstr) * Copy string from kernel space to user space */ ENTRY(copyoutstr) -// XXX verify that x0 is kernel and x1 is user - b copystr + mrs x6, tpidr_el1 // load curcpu + ldr x6, [x6, #(CI_CURPCB)] + ldr x5, [x6, #(PCB_ONFAULT)] + adr x7, .Lcopystrfault + str x7, [x6, #(PCB_ONFAULT)] // set handler + + mov x8, xzr + +1: ldrb w4, [x0], 1 + sttrb w4, [x1] + add x1, x1, #1 + sub x2, x2, #1 + add x8, x8, #1 + cbz w4, .Lcopystrsuccess + cbnz x2, 1b + + mov x0, #ENAMETOOLONG + b .Lcopystrcleanup |